When signing, embed the message after the signature. When verifying,
extract the message from the signature. (This requires that the signature
was created using -e and creates a new
message file as output.)

Sign and verify
gzip(1) archives,
where the signing data is embedded in the
gzip(1)
header.

The key and signature files created by
signify have the same format. The first
line of the file is a free form text comment that may be edited, so long as it
does not exceed a single line. Signature comments will be generated based on
the name of the secret key used for signing. This comment can then be used as
a hint for the name of the public key when verifying. The second line of the
file is the actual key or signature base64 encoded.